[media] s5p-fimc: Avoid possible NULL pointer dereference in set_fmt op

This fixes following issue found with a static analysis tool:
Pointer 'ffmt' returned from call to function 'fimc_capture_try_format'
at line 1522 may be NULL and may be dereferenced at line 1535.
Although it shouldn't happen in practice, add the NULL pointer check
to be on the safe side.

Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>

diff --git a/drivers/media/platform/s5p-fimc/fimc-capture.c b/drivers/media/platform/s5p-fimc/fimc-capture.c
index 95e6a7820b5e3e91aad51aec83ebbc13e5c31b2b..aad0850d0c01bee418e6e37a8ee2b5f8669da5de 100644 (file)
--- a/drivers/media/platform/s5p-fimc/fimc-capture.c
+++ b/drivers/media/platform/s5p-fimc/fimc-capture.c
@@ -1561,6 +1561,10 @@ static int fimc_subdev_set_fmt(struct v4l2_subdev *sd,
                *mf = fmt->format;
                return 0;
        }
+       /* There must be a bug in the driver if this happens */
+       if (WARN_ON(ffmt == NULL))
+               return -EINVAL;
+
        /* Update RGB Alpha control state and value range */
        fimc_alpha_ctrl_update(ctx);